Learn the top quick steps, then deepen your knowledge and learn more strategies with key IU resources from Protect IU and the IU Knowledge Base.
Plus, find high-quality training resources available at IU.
Think before you click—Quick steps
2. Rethink
If you can't verify the sender, do not click at all.
How: If the email refers to a known website, type that website address into a new browser window instead and check for information there.
3. Report
Suspect it's a phish? Send the alert.
How: Contact your campus UITS Support Center for help on how to report it.
Description of the video:
[ Music ]
>> Hold on there. Think before you click. One good way to recognize a phish or a malicious email is to verify the sender. Double-click on the sender's name to see the real email address. If using Gmail, move your mouse over the text, but don't click. If using a mobile device, tap instead. If the revealed email address isn't what you expected for that sender, beware it could be a phish. This email is definitely a phish. So ask yourself did you expect an email from this person or group? Is the sender's actual email address legitimate, including the full domain after the @ sign? If you can't verify the sender, do not click any links or take any requested action. Instead, look carefully at the email. If it appears suspicious, report it. There are even more ways to recognize a wolf in sheep's clothing, but checking the sender's real address is a good step. Find more tips to recognize, rethink, and report on phishing.iu.edu.
[ Sheep bleating ]
View the sender's real email address
Double-click or tap the sender's name to view the real email address. (In Gmail, hover over the sender's name, which means to move your mouse over the text but don't click.)
Make sure it matches the expected email address and has a legitimate domain after the @ symbol in the email address. (For example, "@ iu.edu" has a legitimate IU domain, but "@ indiana.me" does not have a legitimate IU email domain.)
Look for the trusted security footer on official IU emails
Official IU emails now use the secure IU Trusted Footer. This shows who the message is from and who it is intended for in the text at the bottom of the email.
Description of the video:
[ Music ]
>> Good call. Clicking on that link could have been bad. That email could have been a phish. External email flagging, which is now turned on by default for all IU email accounts, can help you recognize when an email is spoofed to look like it's coming from a trusted source. So don't let a phish get your goat. Use extra caution with any email marked as external because it is not from a trusted IU domain.Visit phishing.iu.edu to learn more about how to protect yourself.
Flag external emails
By recognizing quickly which emails are from non-IU senders, you can better spot potential phishing attempts. External email flagging is activated by default for everyone at IU.
Think critically about the request
Think carefully about whether the named email source should make this type of request.
Reveal actual URLs before clicking
Before clicking, make sure you trust the destination of the URL. Some links can trick viewers by having a safe URL as the viewable text, but the actual destination URL is a scam site. Remember the phrase "hover to discover." Here's how:
- On a desktop computer, to hover on a link, position your mouse cursor over the linked text without clicking on it. This will reveal a small text box that contains the full destination URL.
- On mobile devices, the technique to show the URL without opening the destination webpage can vary. Often, it involves a light-pressure long press.
Practice with this link. Hovering should reveal the URL "https://www.iu.edu/" in small text at the bottom left of this web browser window.
When you hover in your email, often the full URL will appear in small text right next to the link.
Before you click, always be sure you trust the full URL.
Description of the video:
[ Music ]
Hold on. I would rethink this one. If you have not verified the sender, do not click on links in emails at all. If the email refers to a known website, type that website address into a new browser window instead to verify its authenticity. Even for trusted contacts and emails, it's a good idea to hover over the link first without clicking on it. This should reveal a small popup with the actual destination URL. Only click if you trust that revealed URL completely. This email is definitely a phish. So, think before you click. There are even more ways to recognize a wolf in sheep's clothing, but not clicking any links from unknown senders is a good step. Find more tips to recognize, rethink, and report on phishing.iu.edu.
[ Music ]
Avoid clicking links in emails
The best solution is to go directly to a known website address rather than clicking links in an email. Instead of clicking links in notification emails, go to the trusted website address and check for notices there.
Think critically about the message
Think critically about the way the email is worded and what the request is. Anything urgently requesting action regarding financial transactions or providing sensitive information should be a red flag to investigate carefully.
Get more tips from the Protect IU site on how to analyze messages.
View emails in plain text
Viewing emails in plain text can reveal details that scammers try to hide, including full URLs for all links.
Report the message in Outlook
You can use the built-in reporting features in Outlook to report suspicious email to the IT Security Office.
Report a phishing message in OutlookNever open attachments from unverified senders
If you can't verify the sender, don't click the attachment. Attachments are a key way that malware and harmful files are sent in phishing attacks.
Description of the video:
[ Music ]>> Good call. This email looks suspicious. If a suspected phishing email targets IU in any way, you can contact the UITS support center for help on how to report it. They will help you get the alert to IU's university information policy office, which can then evaluate the thread and minimize risk for the rest of the IU community. Outlook and student Gmail users at IU can also get a one-click reporting tool that takes care of reporting the phish to the policy office for you. To download this tool, search for PhishMe Reporter on iuware.iu.edu. And to learn more ways to report, visit phishing.iu.edu/report. While there are several ways to report a suspected phish, contacting UITS support center is a great way to get started. And if you do accidentally click on a suspected phish, contact the support center right away. So, feel free to squeal. Reporting a suspected phishing scam helps protect the entire IU community. Fine more tips to recognize, rethink and report on phishing.iu.edu.
[ Music ]
Contact your IT Pro or the UITS Support Center
If you don't have other means to report quickly, contact your IT Pro or the UITS Support Center.
UITS Support Center contact information
Forward the message to phishing@iu.edu with full headers
Using any major email provider, you can forward the message to phishing@iu.edu with full headers to report a suspected phishing email.
Learn how to forward with full headers
(Instructions for each email client are provided.)
Get more how-to help from Protect IU
The Protect IU website provides great resources for personal preparedness in online safety.
Key recommendations from the IU Knowledge Base
The IU knowledge provides recommendations to avoid scams.
Training options to boost your defenses
Hold "Think before you click" workshops
Request a "Think before you click" instructor-led workshop with IT Training.